Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

h00manist writes "Nicholas Merrill ran a New York based ISP and got tired of federal 'information requests.' He is now planning an ISP which would be built from the ground up for privacy. Everything encrypted, maximum technical and legal resistance to information requests. Merrill has formed an advisory board with members including Sascha Meinrath from the New America Foundation; former NSA technical director Brian Snow; and Jacob Appelbaum from the Tor Project. Kickstarter-like IndieGoGo has a project page."

The recent outcry by the American Media complaining of mass riots over the Russian election has gotten me thinking. Do the youth in Russia protesting understand exactly how free they are compared with the American's slandering them? Consider the facts.

1. America's Free Press

Six Corporations control the American press (Walt Disney, General Electric, New Corporation, Viacom, CBS, and Time Warner), whether in print, or on t

I'm trying to figure this post out - did you put it up ironically, like, "Hey, look how completely uninformed this Russian guy is about the U.S., isn't this funny?" Or were you actually serious? The cluelessness meter is off the charts, but I can't tell if it is a joke or not...

I dont think he fails to account for other news medias.I think he means that the big corporations disparage and disregard the other outlets publicly, calling them bloggers and such, to the point that they slandered out of legitimacy.

When they say "the right to pray" what the mean is "the right to make others pray, or at least feel marginalized by forcing them to stand out as not part of the group if they choose not to participate."

Anyone can pray anytime, anywhere. A kid can pray in school. What CAN'T happen is the school can;t LEAD A PRAYER and therefore use authority to enforce that religion.

That's what they are really saying, but they LIE CONSTANTLY about it, those moral religious folks.

I'm glad you don't like vouchers. I don't either, as I think it's a way to send public tax money to private, religious, and charter schools.

Charter schools, by the way, are a calculated mechanism to pay teachers less, break the NEA, and force school districts into bankruptcy by taking district funding without being forced to take any student.

The representatives of charter schools can go door to door for only the kids they want (read: the top-scoring stu

The United States hasn't used rubber bullets against protesters as Georgian president Sakashvili did multiple times in recent years

I have to completely disagree with this, as my roommate showed me pictures where he and his girlfriend got hit with rubber bullets while protesting the FTAA in 2003.

He and his gf were hit on their legs and arms, but one woman was hit on her temple and he said she was completely knocked out and they had to help carry her off into the 'ghetto' where the police were forcing protesters to move into --he was also a camera operator at that protest and was told by locals in that 'sub par' neighborhood that 'non-lo

Do the youth in Russia protesting understand exactly how free they are compared with the American's slandering them? Consider the facts.

Sorry, but the opinion of the uneducated is of no interest whatever to me. Your "journalist" should learn when, and more importantly when NOT, to use simple punctuation and I'll read his tripe. But what an aliterate says is of no value to me. I'm surprised you'd quote such a rag.

If it was meant as a possessive it should have read "compared with the Americans' slandering of

2) If it's who we suspect, he did more than merely state his opinions. His "recording tapes and CDs denouncing America's policies as immoral, and oppressive" was not why the action was authorized, or many more "assassinations" and arrests would be ongoing.

3) You have the right to pray. You do not have the right to influence or force others to pray. There is a not so subtle differe

If he pulls this off, expect tougher laws on data collection requirements for ISPs.

Whether he pulls it off or not it wont stop the FBI from spying on someone. It just makes it more expensive.

The FBI keeps making the mistake of thinking changing the laws is the solution to everything. Technological solutions already solve this problem. These solutions I don't feel like I have to mention but they certainly cost more and they aren't blanket surveillance solutions.

And that's probably what the FBI wanted. The FBI probably wanted blanket surveillance on the cheap and this makes it too costly.

Here is what you want to read.http://www.govtrack.us/congress/bills/110/s1738

Sec. 501. Reporting requirements of electronic communication service providers and remote computing service providers.Tosave you time - Nowhere does it claim they HAVE to maintain certain records or monitor etc... in fact they explicitly state that, however once asked for information they do have to provide information they do have and such requests are to handled as a request to preserve records (that do exist at the time of receipt).

The Freedom of Information Act is required to release information on public request. Doesn't mean they can't redact it.

And "by law" should read "by legislation". Huge difference, the lack of comprehension about which enables them to call any old thing law. "Legislation" and "legal" come from the root word legis, and are bureaucratic terms - not law. They concern the legitimacy of the paperwork process involved: Everything dated correctly? Signed by the right parties? Turned in on time? Great! It's l

he United States does not have any Internet Service Provider (ISP) data retention laws similar to the European Data Retention Directive.[19] All attempts have failed:

In 1999 two models of mandatory data retention were suggested for the US: What IP address was assigned to a customer at a specific time. In the second model, "which is closer to what Europe adopted", telephone numbers dialed, contents of Web pages visited, and recipients of e-mail messages must be retained by the ISP for an unspecified amount of time.[20][21][22]

The Internet Stopping Adults Facilitating the Exploitation of Today's Youth (SAFETY) Act of 2009 also known as H.R. 1076 and S.436 would require providers of "electronic communication or remote computing services" to "retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user."[23] This bill never became a law. [24]

Make logs useless.Like "okay, i need to log ips? The Customer gets a private one, which is mapped 1:1 to a public one. No logs of the mapping"Like a anonymous-VPN built into the ISP itself. The anonymous VPN is legal, the ISP is legal, why not the combination?

Even if he builds this ISP it's very unlikely he will be able to build it in such a way that there is no FBI surveillance of the ISP itself or backdoors or moles etc. Basically there is nothing he can do if the FBI is determined to wiretap someone.

What this does is it makes it too expensive for the FBI to wiretap and monitor millions of people at a time. It does not prevent the FBI from wiretapping any specific person. If the FBI puts anyone under physical surveillance then none of that fancy encryption or

Nicholas Merrill ran a New York based ISP and got tired of federal 'information requests'....maximum technical and legal resistance to information requests.

He's tired of fighting The Man, so he's going to set up a new ISP which will let him fight The Man even more? That doesn't even begin to approach making sense. Is this like Fight Club or something?

Its actually quite ingenious... He's going to create an ISP where it is much-more-difficult to compromise a users privacy. They're designing it from the ground up to be PATRIOT-Act proof because it will literally be impossible for them to give the feds the data they want. It is fewer fights, but may amount to one HUGE fight with the biggest gorilla on earth, the U.S. Justice Department.

Another possibility, however, is if he gets anywhere close to a working model where this is possible that he suddenly has an "accident," or his data-center suffers a "mysterious fire." Or maybe the CIA kills his network engineers the way Israel kills mechanical engineers they think can build high-speed centrifuges in Iran.

Far closer to the idea that he has 100 customers but needs 10,000 to fund the operations. Can something like this ever get enough customers to operate? Not if they charge a penny more than a non-privacy protecting ISP - it simply isn't a priority for most people. A few, yes, and that is all the customers something like this would ever have.

Far too few to make a go of it. No reason for anyone to attack it - it will die of lack of interest.

Its actually quite ingenious... He's going to create an ISP where it is much-more-difficult to compromise a users privacy. They're designing it from the ground up to be PATRIOT-Act proof because it will literally be impossible for them to give the feds the data they want. It is fewer fights, but may amount to one HUGE fight with the biggest gorilla on earth, the U.S. Justice Department.

It is not without precedent. After the PATRIOT Act made it legal to for the feds to confiscate book borrowing records from libraries without even a warrant, most libraries switched over to lending software that deleted all records once a book was returned. So, at worst, the feds could find out what a patron currently had checked out, but no borrowing history was available to anyone.

As far as I know, the DOJ hasn't tried, at least in court, to make a library use a less privacy-preserving system.

Its actually quite ingenious... He's going to create an ISP where it is much-more-difficult to compromise a users privacy. They're designing it from the ground up to be PATRIOT-Act proof because it will literally be impossible for them to give the feds the data they want. It is fewer fights, but may amount to one HUGE fight with the biggest gorilla on earth, the U.S. Justice Department.

It is not without precedent. After the PATRIOT Act made it legal to for the feds to confiscate book borrowing records from libraries without even a warrant, most libraries switched over to lending software that deleted all records once a book was returned. So, at worst, the feds could find out what a patron currently had checked out, but no borrowing history was available to anyone.

As far as I know, the DOJ hasn't tried, at least in court, to make a library use a less privacy-preserving system.

Its actually quite ingenious... He's going to create an ISP where it is much-more-difficult to compromise a users privacy. They're designing it from the ground up to be PATRIOT-Act proof because it will literally be impossible for them to give the feds the data they want. It is fewer fights, but may amount to one HUGE fight with the biggest gorilla on earth, the U.S. Justice Department.

It is not without precedent. After the PATRIOT Act made it legal to for the feds to confiscate book borrowing records from libraries without even a warrant, most libraries switched over to lending software that deleted all records once a book was returned. So, at worst, the feds could find out what a patron currently had checked out, but no borrowing history was available to anyone.

As far as I know, the DOJ hasn't tried, at least in court, to make a library use a less privacy-preserving system.

What everyone fails to consider is the feds can just take the data they want whether you legally give it to them or not. The feds have all the technological and physical means to take any information from any ISP or entity.

They can do it the legal way and have guys in suits and ties walk in with the Patriot Act or National Security letter or whatever and politely ask for it, or they can send some blackhats in to steal or hack the information. This ISP is simply going to make the feds rely more on extrajudic

But I will point out that your objection is specious. Budgeting doesn't depend on who borrowed a book, only that it was borrowed.

You specified that *all* records were deleted - which means there's no record of it being borrowed. But getting details wrong is typical when you make stuff up.

Now you're just being an ass.

I spent many years working as an IT manager for academic libraries. Jah-Wren is correct. Subsequent to the PATRIOT Act, almost every library which previously had kept borrower history (and even this was not universal since many libraries already took an aggressive approach to the ALA privacy philosophy) began deleting identifiable borrower information, preserving only statistical data like number of times circulated/browsed/renewed, length of loan, etc. And for

After the PATRIOT Act made it legal to for the feds to confiscate book borrowing records from libraries without even a warrant, most libraries switched over to lending software that deleted all records once a book was returned.

Not buying it - as circulation records are a libraries lifeblood come budget time.

They're designing it from the ground up to be PATRIOT-Act proof because it will literally be impossible for them to give the feds the data they want. It is fewer fights, but may amount to one HUGE fight with the biggest gorilla on earth, the U.S. Justice Department.

Who he already fought. This guy is the same guy who fought (successfully), the national security letter he recieved in 2007.

He's tired of fighting The Man, so he's going to set up a new ISP which will let him fight The Man even more? That doesn't even begin to approach making sense.

Complying with these sorts of requests is costly, particularly for a little guy.So by not collecting the data in the first place they save themselves a lot of work.It is far easier to say flat out, "sorry we don't have that information" than it is to go dig through months or even years of logs.

If more companies would see it as a way to save money, we might actually start to get corporate interests aligned with personal privacy again.

Will people pay for supposed "privacy"? Sure, a few would but absolutely not everyone. Or even a majority of people.

The fact that the local police or FBI can subpoena records held by your ISP to find out what you have been doing online and that Google will disclose that you have been researching poisons if your spouse suddenly dies of some rare and obscure poison is irrelevent to most people. Most people more or less figure that if you have been researching poisons and your spouse dies from one that you probably did it and deserve what is coming.

The fact that it is possible - maybe a 0.001% chance - that an innocent person might be caught up in something like this is remote enough to most people to completely discount it happening. Not. Important. For. Them.

If you are downloading movies, music, software, ebooks and whatever else you can grab off BitTorrent today and after a huge legal effort you get caught, well, most people's attitude is (a) I wish I knew how to do that... and (b) sucks to be you. Again, the offender is 99% of the time the person getting nailed and while there is a possiblity of the wrong person getting stuck with the bill we have seen through history that it is rare enough that most people discount it ever possibly happening to them. So it isn't important.

So this can be planned and might attract a few geeky investors. But it is extremely unlikely to survive even one year and probably won't ever be launched. The reality is that almost nobody cares will sink in and doom the project.

Nice idea. Too bad nobody cares. I do not see it affecting mainstream cable companies in the slightest little bit.

The fact that the local police or FBI can subpoena records held by your ISP to find out what you have been doing online and that Google will disclose that you have been researching poisons if your spouse suddenly dies of some rare and obscure poison is irrelevent to most people. Most people more or less figure that if you have been researching poisons and your spouse dies from one that you probably did it and deserve what is coming.

That, or most people will realize the fact that it is circumstantial evidence and it won't get you convicted unless there is abundant additional evidence that ties you to the crime (or you base your defense on ignorance of poisons and your search history proves you are lying).

But I agree with the larger point, that people mostly don't care if the authorities can get access to their search histories and that it is unlikely this company would find more than a niche market.

"The fact that it is possible - maybe a 0.001% chance - that an innocent person might be caught up in something like this is remote enough to most people to completely discount it happening. Not. Important. For. Them."

This is the thing. It'll happen. It took royalty getting caught up in the Murdoch phone hacking thing, but now that cat is starting to come out of the bag. I think it's safe to say that the U.K. has a more evolved, through experience, and more enlightened view of the dangers of digital netw

Will people pay for supposed "privacy"? Sure, a few would but absolutely not everyone.

Some businesses may be willing to pay for this kind of privacy.

After all, if the system is better at protecting the privacy of a customer from the US government, it may also be better at protecting such information from hackers, disgruntled employees, and/or corporate espionage.

Now, I'm not saying this kind of service will have many customers, but I could certainly envision a number of businesses be willing to pay a very high premium for this kind of added security layer (assuming this new ISP does a good j

No, of course, not the majority of people will be interested in this. But I know many non-techy people interested in keeping their data as secure and un-snooped as possible. What mechanisms do they have? Well, to prefer encrypted channels, to avoid storing any meaningful data on well-known big-brand providers as Google, Yahoo and the such. My friends are somewhat naÃve, I know â" But, using Tor for accessing some sensitive information (even with its limitations), handling their mail at a more "tru

Seriously, while I love the idea, and really do wish them well, they are effectively just stinging a squad of ogres armed with flamethrowers.

The RSA, CIA, FBI, and DHS all have strongly vested interests in destroying private correspondence for anyone but themselves.

The MPAA, RIAA, and associated gaggle of goons act like they used a hornet's nest suppository at the mere mention that they are anything but "helpless victims" of intellectual property theft, and that the bad, bad, ISPs just wont beweeve dem! (Wh

This sounds like the makings of a target-rich nailing list for the Feds. Sure, let them build it. We want to see who comes! Now we can concentrate our not inconsiderable assets on cracking this who's who list of the criminal underworld. Why, it's almost as if they had something to hide...

First, government surveillance of the internet is a solved problem - it's already comprehensive and embedded in the infrastructure of every major carrier and exchange. What good is a theoretically surveillance-free ISP if you can only talk to other customers of the same ISP? The ISP would not be surveillance-free much longer if it ever build any kind of user base.

Second, essentially everyone on the internet leaves - even if they take pains t

I have Comcast for high speed internet, or nothing!
I don't care if you encrypt my information or send it to the cloud in China, having some competition is better than living in a monopolistic world where the monopolies even corrupt the government [huffingtonpost.com]

The service will probably be ridiculously expensive to cover staff and equipment costs, not to mention the federal, state, and local governments are going to give him a rough time at any chance possible.....but I wish him luck regardless. I just hope this doesn't result in more draconian measures taken by Congress if it does happen to be a success.

If the ISP uses NAT instead of real IP addresses for each customer, that would cover the vast majority of issues that currently impact customers. If IP addresses are shared, they can't trace back an IP address to a single account holder.

Short of that, you could set up a localized TOR network that only consists of local users on the same broadband connection, so that it has nearly the speed of a native connection while providing a good deal of privacy. If you had a broadband provider that included that by default in a provided router, that would be great.

you won't need nat or stuff like tor.just assign the customer one ip(i.e. from a private range), map it 1:1 to another ip(needs to be public) and it won't even break p2p (open ports, etc.), but if you do not log how you mapped the ips, any ip log of only private/only public ips is worthless.

its always based on this. but TFA says, this ISP defines itself by avoiding to log the crucial stuff needed to associate an ip adress with a name. How they can do it, depends on the loopholes in surveilance laws.

If he intends to seriously run everything encrypted no Tier 1 provider will peer with him, its that simple.

Even if they wanted to peer with him you can be damn sure the NSA,FBI,CIA and every other 3 letter acronym intelligence agency will have a quiet meeting with some CEO's and that will be the end of it because whether you like it or not there are some people and groups we need to keep tabs on and you really want your government to catch before they do something really nasty and NO this is not about torrents or PB or any other crap like that the CIA and the NSA could care less about.

... and NO this is not about torrents or PB or any other crap like that the CIA and the NSA could care less about.

This (naively) assumes the Government is working for the benefit of the People, and not for the Corporations. But is this assumption (still?) true in this day and age? And if it was, how long will it remain true in the foreseeable future?

You could have an agreement with who you sold it to, but they would be under no obligation to have a similar agreement with whomever they in turn sold it to. I am not a lawyer, but I highly doubt there is any way to enforce something like that on down the line of future sales.

A clause in a sales contract that said all future sales had to include the following terms... would be unlikely to be enforceable. So sure, you could put it in, but then what? If it isn't enforcible and auditable leave it out and

But to try and stop this you could hamper your terms and conditions so that it has certain immutable clauses. Most services' T&Cs have a ambiguous little clause in them that essentially allows the owner to change any clause in the document without notification or permission. If you excluded certain clauses from this the people who bought the service from you would still have to follow those terms for them to be binding. That is to say they'd either not change them

Is this guy retaining logs matching IP addresses to customers? Its hard to tell from TFA if he is but if he is not it becomes very very difficult to link a visit to a web page or a download from a Torrent back to the human being that carried out the action.

Who cares about encrypted email when it all passes through (gets copied to) Utah [wired.com] as most MTAs don't use TLS by default. So your mail goes in or out in plaintext. Assuming both clients are end-to-end encrypted, emailing another user of the same ISP should be secure.

It's a good point about breaking IMAPS or other protocols that expect the contents to be unencrypted (at least in memory / ramdisk) on the server. They could provide a webmail client where local javascript performs the decryption with your private

If I were REALLY paranoid, I would get to some place where no one else can see what's going on, inside a Faraday cage, with the person I want to communicate with, in a sound-proofed booth

Ooh, sounds good! Then maybe if the feds come after you, you can detonate pre-installed C4 and blow up the factory that was your hideout because Will Smith made a phone call. Then Will Smith says "AW HELL NAW" and shoots a dude with a shotgun, and you drive away over some train tracks.

That's quite true. The only real way to oppose coercion, is by ubiquitous technical means. I.e. by evolving a highly desired network layer on top of the existing one that can only be accessed with solid anonymizing protocols.

Imagine e.g. something like Freenet, but instead of the meager and low-quality mostly demo crap it currently contains, it would be filled with invaluable highly popular sites that everyone including all those politicians and their parents and kids, want and NEED to access on a regular

Banning encryption will make eavesdropping on your banking transactions so much easier for the common thief; it will make reading out secret data from stolen corporate notebooks so much easier without full hdd-encryption. It will open wireless networks to each and everybody. Congress, please show your incompetence once again, and make this country the laughing stock of the world... again (remember the laws banning exporting encryption software as it was considered ammunition, but allowing publishing of the